You can create easily Access control list based on the IP address/Host name using Tomcat Valves. A Valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container.
The Remote Address Filter allows you to compare the IP address of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client.
For example, to block all requests coming in except those from the local host:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1" />
The Remote Host filter is much like the Remote Address Valve, except it allows you to compare the remote host address of the client that submitted this request instead of the fixed IP address. A Remote Host filter can be associated with a Tomcat Engine , Host, or Context container. An example entry using the org.apache.catalina.valves.RemoteHostValve can be found in the following code snippet.
<Valve className="org.apache.catalina.valves.RemoteHostValve" deny="badhost*"/>
This valve entry denies access to the assigned container for the host whose name starts with badhost. If I assign this valve entry to the host container localhost, then all clients beginning with badhost will see a 403 - Forbidden page.